After upgrade from Splunk version 6.5.3 to 7.0 management port 8089 - SSL handshake failed through curl or wget. but it works through browser, Can you help us how to access over wget /curl,
[splunk@splunk01 tmp]$ wget --no-check-certificate https://myhostname:8089 --debug
DEBUG output created by Wget 1.11.4 Red Hat modified on linux-gnu.
--2017-10-24 17:41:40-- https://myhostname:8089/
Connecting to myhostname:8089... connected.
Created socket 3.
Releasing 0x000000000b74f1a0 (new refcount 0).
Deleting unused 0x000000000b74f1a0.
Initiating SSL handshake.
SSL handshake failed.
Closed fd 3
Unable to establish SSL connection.
[splunk@splunk01 tmp]$
This Splunk known issue (SPL-141961) upgrading to version 6.6 or later. as per workaround after adding the below config in server.conf and its started working.
http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/KnownIssues#Upgrade_issues
[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
This Splunk known issue (SPL-141961) upgrading to version 6.6 or later. as per workaround after adding the below config in server.conf and its started working.
http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/KnownIssues#Upgrade_issues
[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
If you check the _internal index on the server side, do you see any errors related to the connection?
yes, getting this error in the splunkd.log while accessing this over curl/wget,
10-24-2017 19:48:59.486 -0400 WARN HttpListener - Socket error from xxx.yyy.zzz.abc while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number